North American Network Operators Group

Re: The impending DDoS storm
> has anyone tried tarpitting, e.g. LaBrea, to slow the worm?

I have been using my Linux kernel module ipt_TARPIT (included in the latest netfilter.org patch-o-matic release) to do this for any IPs on my network lacking a route, including outbound from my customers and inbound to my unused address space.

While it is trying to scan routeless IPs, the tarpit slows it down to scanning 20 IPs per ~9 minutes. (MSBlast has 20 connection slots, each apparently timing out after ~9 minutes.) It normally appears to have a several-second connect timeout, so this slows it down by two orders of magnitude with a similar drop in network traffic.

-- Aaron
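Added example, not part of the original post: a small slot-occupancy simulation of the arithmetic above, extended to show the scan rate when only part of the scanned address space is tarpitted. The 20 slots and ~9 minute hold come from the post; the 5-second normal connect timeout and the function name are assumptions (the post says only "several second").

```python
import heapq

SLOTS = 20               # from the post: MSBlast has 20 connection slots
TARPIT_HOLD_S = 9 * 60   # from the post: a tarpitted slot times out after ~9 minutes
NORMAL_TIMEOUT_S = 5     # assumption: stands in for the "several second" timeout


def scan_rate_per_hour(tarpit_pct, duration_s=24 * 3600, slots=SLOTS,
                       tarpit_hold_s=TARPIT_HOLD_S,
                       normal_timeout_s=NORMAL_TIMEOUT_S):
    """Probes started per hour by a scanner with a fixed number of slots.

    tarpit_pct is the integer percentage (0-100) of probed addresses that
    land in a tarpit. Tarpitted probes are spread evenly through the probe
    sequence, so the result is deterministic.
    """
    if not 0 <= tarpit_pct <= 100:
        raise ValueError("tarpit_pct must be between 0 and 100")

    # Min-heap of the times at which each connection slot becomes free.
    free_at = [0] * slots
    heapq.heapify(free_at)

    probes = 0
    acc = 0  # error accumulator that spreads tarpitted probes evenly
    while True:
        now = heapq.heappop(free_at)
        if now >= duration_s:
            break
        acc += tarpit_pct
        if acc >= 100:
            acc -= 100
            hold = tarpit_hold_s      # slot is stuck until the long timeout
        else:
            hold = normal_timeout_s   # slot is reused after the short timeout
        heapq.heappush(free_at, now + hold)
        probes += 1

    return probes * 3600 / duration_s


if __name__ == "__main__":
    for pct in (0, 10, 50, 100):
        print(f"{pct:3d}% tarpitted: {scan_rate_per_hour(pct):8.1f} probes/hour")
```

Because every slot that hits a tarpit is held for the full long timeout, even partial tarpit coverage pulls the rate down sharply; the rate tracks slots divided by the mean hold time.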